Systems Engineering Laboratory 1
Note: Please treat these exercises also as professional work. For example, use meaningful commit messages.
Note: You should continue with your GitHub repository from the Version Control and Continuous Integration lab. If you did not participate in the previous lab let us know.
For more information see Reviewing changes in pull requests.
SonarQube is a quality management platform incorporating several functions. It runs different scanners performing code analysis, a database to store results and a web dashboard to view the results.
Go to the folder where SonarQube is extracted and go under
bin
.
Select the folder corresponding to your OS and inside that folder
and run ./sonar.sh console
(Linux / Mac) or
StartSonar.bat
(Win).
uname -a
command to find out
whether you are running a 32-bit or 64-bit kernel../
as
above.It takes time to start all three components of SonarQube Server (Compute engine, Search server, Web server), wait until you see all these three lines in the log:
jvm 1 | 2016.09.21 17:38:03 INFO app[o.s.p.m.Monitor] Process[es] is up
...
jvm 1 | 2016.09.21 17:38:45 INFO app[o.s.p.m.Monitor] Process[web] is up
...
jvm 1 | 2016.09.21 17:38:59 INFO app[o.s.p.m.Monitor] Process[ce] is up
Open http://localhost:9000/ in a browser to see the (currently empty) SonarQube dashboard.
You can log in with the default admin / admin credential to configure settings (but we won't need it for the current exercises).
Force user authentication
property under the
Administration/Security
menu in the dashboard.SonarQube can be easily executed from a Gradle build with the following steps.
Add the following line to the
.gradle/gradle.properties
file in the root of the project.
(Create the folder and the file, if it does not exists. Note, that a
gradle
folder may already exist, but you need a folder
named .gradle
.)
systemProp.sonar.host.url=http://localhost:9000
Add SonarQube as a plugin to the build.gradle
file
in the root. NOTE: this needs to be at the very top of the
file.
plugins {
id "org.sonarqube" version "2.6.2" apply false
}
Modify the line subprojects {
to be
subprojects { subproject ->
and add the following line
below the other plug-in(s).
apply plugin: 'org.sonarqube'
Run the analysis using the following command (from the root of the project):
./gradlew sonarqube
Open http://localhost:9000/ in a browser to go to the dashboard.
Click on the project. Inspect the bugs, vulnerabilities and code smells.
If there are any issues, select one of them that can be fixed quickly and fix it.
Run SonarQube again and inspect the results.
For more information see the SonarQube Gradle documentation.
Extra task for iMSc points: In a real project, SonarQube (or other static analysis tools) usually do not (only) run locally, but are instead integrated in the continuous integration pipeline (e.g. triggered by each commit or called from Travis). Configure your repository to run a static analysis tool for each commit! For example, you can try SonarCloud (cloud-based version of SonarQube that is free for open source projects), Codacy or Coverity Scan.
Before performing unit testing one of the components in the system, a
new feature must be implemented first. The sensor of the train
TrainSensorImpl
shall have an alarm functionality. The
alarm indicates that the difference between the reference speed and the
speed limit is too large. Such large difference may occur for example
when a wrong speed limit was given.
When the alarm is triggered in the sensor, it must set the user
(TrainUser
and TrainUserImpl
) to alarm state.
This requires two new methods for the interface and the class:
getAlarmState()
and
setAlarmState(boolean alarmState)
, and a private field
inside the class. The alarm in the sensor analyzes the value given in
its overrideSpeedLimit()
method. There are two margins to
implement, when the alarm has to be triggered.
TrainSensorImpl
class, in which the feature under test is
the recently implemented alarm.TrainSensorTest.java
file that is already created.
The file contains only method stubs, thus delete them and use your own
test methods with utilizing various features of JUnit. Use mockito to mock the two dependencies
of the class: TrainController
and TrainUser
(i.e., do not use TrainControllerImpl
and
TrainUserImpl
). Use verification (e.g.,
verify()
and when()
) in these mocks to ensure
that the communication out of the unit under test is well-implemented.
build.gradle
file of the train-sensor
project../gradlew build
task.Measure the code coverage of your tests using the JaCoCo plugin.
apply plugin: 'jacoco'
to the
build.gradle
file in the root of the project../gradlew build
task../gradlew jacocoTestReport
task.build/reports/jacoco/test
folder in each project containing your tests. (Do not confuse it with
the folder build/jacoco
.)
build
task before jacocoTestReport
.